I have been tasked with making some changes to our network and would like to have someone review my proposed configuration for a Netvanta 1335 to ensure I have the configuration set up correctly.

The changes that I will be making to the configuration will consist of...

1. Create a new VLAN for setting up a Sonicwall NSA for high availability (currently we have just a single port assigned to the firewall). I am proposing the new VLAN be called VLAN 100 - Internet.

(The way I understand it, we will have a single inbound connection from the DSL modem that will run into Port 23 (VLAN 100), which will then be sent back to the two Sonicwall NSA devices (Ports 22 & 21), still under VLAN 100; then the Sonicwalls will come back into the 192 Data VLAN (Ports 20 & 19).)

(And maybe I'm making this more complex than it needs to be)

2. Create a Guest VLAN that will assign a DHCP address in the 172.168.2.x range. Plug the guest switch into port 9. The only access the Guest VLAN will have is to browse out to the internet.

alanf - Thanks for posting on the forum! We would be more than happy to review your configuration. You can reply to this post with the configuration, but please remember to edit out any information that is sensitive to your network.

One thing that may be an issue is your plan to have the Sonicwall NSAs connect to the same switch on their WAN and LAN interfaces. NetVanta switches do not support STP (spanning-tree protocol) on a per-VLAN basis. Therefore, the setup you propose will most likely cause a switching loop, resulting in network connectivity issues. To get around this problem, it would be best to physically separate the switches you are connecting the WAN VLAN and LAN VLANs to.

Please do not hesitate to let us know if you have any further questions.

alanf - I cannot comment on the best way to configure the Sonicwalls for High Availability. In your case, you simply want to have the WAN and LAN on different switching domains to prevent any switching loops. For the WAN switch, you simply need a layer 2 device so a 1224 or 1234 will do. The benefit of having the 1335 act as your LAN switch is that it will be able to do inter-VLAN routing if necessary.
